Secure Data Transmission System

ABSTRACT

A secure messaging system that requires pairing of sending and receiving devices via user identification credentials and the associated media access control addresses (MAC addresses) of the paired devices. Paired devices may communicate encrypted messages, and deletion parameters may be established by a sending device, including immediate deletion requests. The message and the instructions are automatically decrypted by the receiving device and interpreted to provide the data and configure the deletion parameters. The system preferably manages device pairing via a remote server that is accessed by a device application.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. application Ser. No. 13/897,865, filed on May 20, 2013, which claims priority to U.S. Provisional Patent Application No. 61/795,804, filed on Oct. 26, 2012, and U.S. Provisional Patent Application No. 61/688,712, filed on May 21, 2012.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to data transmission systems and, more particularly, to a system that provides identity and data theft protection.

2. Description of the Related Art

Messaging over the internet and mobile cellular networks has been growing at an astonishing rate over the last decade, and includes the transmission of additional data, such as sound, video, and picture files. A primary concern in the use of messaging systems is the security and integrity of such data transmission. While some solutions exist that perform encryption on transmitted data or require encryption keys, there is no way to know whether the receiving party is the intended target or whether a third party with unauthorized access has intercepted or broken the encryption. In addition, there is typically no way to ensure that the receiving party deletes sensitive messages or data as promised. Accordingly, there is a need in the art for a data transmission system that can verify the receiving party is authorized to receive the transmission and is actually the authorized party prior to data transmission, and that can ensure the appropriate deletion of received data after transmission.

BRIEF SUMMARY OF THE INVENTION

The present invention comprises a secure messaging system that provides identity and data theft protection by requiring that devices participating in the transmission of data be paired via an exchange of media access control addresses (MAC addresses). By requiring the pairing of devices via exchanged MAC addresses before data can be transferred between devices, data transmission security is enhanced. In an embodiment of the present invention, sent data may also be deleted from a receiving device after it has been reviewed, such as by a remote sender, thereby further ensuring data security and protecting against identity theft. In the data transmission process according to the present invention, upon a request to transmit data, such as encrypted text or an image, sound, video, or music file, a check is first made to determine whether the sending and receiving devices have been paired. For example, the check may be made via a host server.

Once a paired relationship has been verified, data is sent to the receiving device in encrypted fashion along with instructions on how long the message is to be made available for viewing before automatic deletion. The message and the instructions are automatically decrypted by the receiving device and interpreted to provide the data and configure the deletion parameters. Alternatively, a sending device may transmit a delete instruction that deletes a received data file regardless of whether the file was reviewed, viewed or used.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)

The present invention will be more fully understood and appreciated by reading the following Detailed Description in conjunction with the accompanying drawings, in which:

FIG. 1 is a schematic of a secure messaging system according to the present invention implemented into two smart phones;

FIG. 2 is a schematic of a user device management module according to the present invention;

FIG. 3 is a schematic of data flow in a secure messaging system according to the present invention;

FIG. 4 is a schematic of message sending and receiving according to the present invention; and

FIG. 5 is a schematic of the hierarchy of servers according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Referring now to the drawings, wherein like reference numerals refer to like parts throughout, there is seen in FIG. 1 a schematic of the secure messaging system 10 according to the present invention that is based in part on pairing of devices 12 and 14 using MAC addresses, which are device identifiers that are each uniquely associated with a network adapter to identify a device on a network. A typical MAC address consists of 12 hexadecimal digits, typically formatted as XX:XX:XX:YY:YY:YY. System 10 is designed to allow for the secure pairing of a sending (or receiving) device 12 running system 10 with a receiving (or sending) device 14 also implementing system 10. It should be recognized by those of skill in the art that a device implementing system 10 may act as either a sending device 12 or a receiving device 14, or both, and that the devices have been assigned reference numerals as one or the other strictly for the purposes of illustrating an embodiment of the invention. System 10 ensures that messages are sent to the correct person/device and that the sender is the person authorized to make the transmission.

As seen in FIG. 1, a host server 16 facilitates system 10 in combination with devices 12 and 14, preferably through the use of software installed on participating devices 12 and 14, such as an application that is downloaded and run on the sending and receiving devices 12 and 14 that will be participating in data transmission or messaging. For example, the local device portions of system 10 may be implemented via a downloadable app for devices such as smartphones, tablets, laptops, desktop computers, as well as gaming systems, smart televisions, navigation systems, vehicular computers, and the like. Along these lines, system 10 can be configured to require a conventional user identification and password for each user to provide added security and, as explained below, to allow a user to remotely access host 16, such as if a participating device 12 or 14 is lost.

Referring to FIG. 2, system 10 contains a device management module 18 that manages authentications, subscriptions, user contacts, and ciphering, and is in communication with a database 20 for storing and retrieving data associated with the various processes. Preferably, database 20 is maintained remotely from devices 12 and 14 for additional security, such as in the “cloud”, as that term is used in the field to refer to remotely positioned storage accessible via the internet. Preferably, messages themselves are not retained in database 20, to improve security. For example, a user may request remote pairing with a particular contact stored within database 20 by using management module 18 to retrieve the contact from database 20. System 10 then communicates the pairing request, which may be rejected or accepted by device 14. If accepted, the MAC addresses are shared between the host files associated with devices 12 and 14, and thus each is stored in the database file associated with the other device along with appropriate user identification (ID) information.

As seen in FIG. 3, system 10 may be configured to operate over Extensible Messaging and Presence Protocol (XMPP) 22 or Session Initiation Protocol (SIP) 24 based networks, and includes modules for performing authentication/pairing 26, messaging multiplexing 28, and encryption/decryption, and an LDAP database 30. System 10 further includes an application/web module 32 for retrieving and using user information, pairing relationships, contacts, subscriptions, logs, and status information.

After at least one pair is achieved and stored in database 20, a data transmission may be made using system 10. For example, as seen in FIG. 4, a user can select a contact from management module 18 and send a message that is encrypted by system 10. If the receiving device's MAC address and user ID information are confirmed based on pre-configured pairing information in database 20, the message is sent from sending device 12 to the receiving device 14 via system 10. Thus, messages pass through system 10, which acts as a postmaster, and not directly between the devices.
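The pairing flow of FIG. 2 (request, acceptance, storage of the paired MAC addresses with user ID information in database 20) and the pre-relay check of FIG. 4 (receiving device's MAC address and user ID confirmed before the postmaster forwards the message) can be modelled as the following server-side logic. This is an added example, not code from the patent or from any product implementing it; the class and method names (PairingServer, normalize_mac, check_forward), the MAC addresses and the credentials are constructed for illustration. Encryption of the message body is left out so the authorization logic stands alone. Because a MAC address is a device identifier rather than a secret, the example keeps the user identification and password check that the text requires at registration alongside the MAC lookup.

```python
# Added example modelling the host-server pairing and forwarding check.
# Names, MAC addresses and credentials below are constructed assumptions.
import hashlib
import hmac
import re
import secrets

# Six octets of two hexadecimal digits, all joined by the same separator
# (":" or "-"), i.e. the XX:XX:XX:YY:YY:YY form described in the text.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
PBKDF2_ROUNDS = 200_000


def is_valid_mac(mac: str) -> bool:
    return bool(MAC_RE.match(mac))


def normalize_mac(mac: str) -> str:
    """Canonicalize to upper-case, colon-separated form so "aa-bb-cc-00-11-22"
    and "AA:BB:CC:00:11:22" resolve to the same registration; reject anything else."""
    if not is_valid_mac(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac.replace("-", ":").upper()


class PairingServer:
    """Host-server state: registered devices with credentials, pending pairing
    requests, accepted pairings, and the check made before a message is relayed."""

    def __init__(self) -> None:
        self.devices: dict[str, dict] = {}           # MAC -> {"user", "salt", "pw_hash"}
        self.pending: set[tuple[str, str]] = set()   # (requester MAC, target MAC)
        self.pairings: set[frozenset] = set()        # unordered pairs of MACs

    def register(self, mac: str, username: str, password: str) -> str:
        """Store the device's MAC beside its user ID and a salted password hash.
        The MAC is a lookup key, not a secret, so the credential is kept with it."""
        mac = normalize_mac(mac)
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.devices[mac] = {"user": username, "salt": salt, "pw_hash": pw_hash}
        return mac

    def authenticate(self, mac: str, username: str, password: str) -> bool:
        """Constant-time comparison of the presented password against the stored hash."""
        rec = self.devices.get(normalize_mac(mac))
        if rec is None or rec["user"] != username:
            return False
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(cand, rec["pw_hash"])

    def request_pairing(self, requester_mac: str, target_mac: str) -> None:
        """Record a pairing request; both devices must already be registered."""
        req, tgt = normalize_mac(requester_mac), normalize_mac(target_mac)
        if req not in self.devices or tgt not in self.devices:
            raise LookupError("both devices must be registered before pairing")
        self.pending.add((req, tgt))

    def accept_pairing(self, target_mac: str, requester_mac: str) -> bool:
        """The target device accepts; only a request it actually received counts."""
        key = (normalize_mac(requester_mac), normalize_mac(target_mac))
        if key not in self.pending:
            return False
        self.pending.discard(key)
        self.pairings.add(frozenset(key))
        return True

    def terminate_pairing(self, mac_a: str, mac_b: str) -> bool:
        """Either device may end the pairing; returns whether one existed."""
        pair = frozenset((normalize_mac(mac_a), normalize_mac(mac_b)))
        existed = pair in self.pairings
        self.pairings.discard(pair)
        return existed

    def check_forward(self, sender_mac: str, username: str, password: str,
                      receiver_mac: str) -> tuple[bool, str]:
        """Pre-relay check: both MACs registered, sender credentials valid, pairing
        on record. Returns (allowed, reason) so that refusals can be logged."""
        if not (is_valid_mac(sender_mac) and is_valid_mac(receiver_mac)):
            return False, "malformed MAC address"
        snd, rcv = normalize_mac(sender_mac), normalize_mac(receiver_mac)
        if snd not in self.devices or rcv not in self.devices:
            return False, "unregistered device"
        if not self.authenticate(snd, username, password):
            return False, "sender credentials do not match registration"
        if frozenset((snd, rcv)) not in self.pairings:
            return False, "devices are not paired"
        return True, "ok"

    def forward(self, sender_mac: str, username: str, password: str,
                receiver_mac: str, body: bytes) -> dict:
        """Relay envelope for an allowed message; PermissionError otherwise.
        The relay returns the envelope without retaining the body."""
        allowed, reason = self.check_forward(sender_mac, username, password, receiver_mac)
        if not allowed:
            raise PermissionError(reason)
        return {"from": normalize_mac(sender_mac), "to": normalize_mac(receiver_mac), "body": body}
```

The ordering of the checks in `check_forward` matters for logging: a malformed or unregistered address is rejected before any credential work is done, and the pairing test runs last, so a refusal reason never reveals whether a pairing exists to a caller who could not authenticate.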

Referring to FIG. 5, system 10 employs a hierarchy of servers to accomplish securing message transmissions. More particularly, an authentication server 36 having access to database 20 is in communication with an XMPP relay server 38, a pairing server 40, a messaging relay status server 42, a plug-in control server 44, and a web server 46. System 10 may thus be used to provide user identification, such as in connection with a voice or video conferencing session, wherein one or more sessions are started by the participants. For example, the identity of the users/participants may be confirmed by checking the device MAC addresses of users after they have logged into the program.

System 10 may further be programmed to control the amount of time that secure messages are available to the receiving device. For example, each message may be accompanied by a deletion parameter that is set by sending device 12 and specifies when the message is to be automatically deleted by the receiving device 14. In an additional embodiment of the present invention, sending device 12 may remotely set the deletion trigger to cause immediate deletion of the message regardless of the status of the message on receiving device 14, i.e., a message may be deleted before it has been read or viewed.
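The receiving-device side of the two deletion behaviours described above (a timed deletion parameter set by the sender, and an immediate deletion trigger honoured whether or not the message was read) can be modelled as follows. This is an added example, not the patent's own code; the names ReceiverStore, retain_seconds and remote_delete are assumptions, and the clock is passed in as a number so that expiry can be checked deterministically. The overwrite before release is best effort only, since the interpreter may hold other copies of the bytes.

```python
# Added example modelling the receiving device's message retention.
# Names below are constructed assumptions; time is an injected float.
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class StoredMessage:
    msg_id: str
    sender_mac: str
    body: bytearray                 # mutable so it can be overwritten before release
    received_at: float
    retain_seconds: float | None    # None: keep until an explicit delete instruction
    read: bool = False

    def expires_at(self) -> float | None:
        if self.retain_seconds is None:
            return None
        return self.received_at + self.retain_seconds


class ReceiverStore:
    """Holds decrypted messages on the receiving device and enforces the
    deletion parameter that accompanied each of them."""

    def __init__(self) -> None:
        self._msgs: dict[str, StoredMessage] = {}

    def receive(self, msg_id: str, sender_mac: str, body: bytes,
                retain_seconds: float | None, now: float) -> None:
        """Store a message together with the sender's deletion parameter."""
        if retain_seconds is not None and retain_seconds <= 0:
            raise ValueError("retain_seconds must be positive or None")
        self._msgs[msg_id] = StoredMessage(msg_id, sender_mac, bytearray(body), now, retain_seconds)

    def _erase(self, msg_id: str) -> None:
        """Zero the buffer before dropping the reference (best effort)."""
        msg = self._msgs.pop(msg_id)
        msg.body[:] = b"\x00" * len(msg.body)

    def purge_expired(self, now: float) -> list[str]:
        """Apply timed deletion parameters; returns the ids that were removed."""
        expired = sorted(m.msg_id for m in self._msgs.values()
                         if m.expires_at() is not None and m.expires_at() <= now)
        for mid in expired:
            self._erase(mid)
        return expired

    def read(self, msg_id: str, now: float) -> bytes | None:
        """Return the body if still retained at `now` and mark it read; None once gone."""
        self.purge_expired(now)
        msg = self._msgs.get(msg_id)
        if msg is None:
            return None
        msg.read = True
        return bytes(msg.body)

    def remote_delete(self, msg_id: str, requester_mac: str) -> bool:
        """Immediate deletion requested by the sender, regardless of read status.
        Only the device that sent the message may trigger it."""
        msg = self._msgs.get(msg_id)
        if msg is None or msg.sender_mac != requester_mac:
            return False
        self._erase(msg_id)
        return True

    def retained_ids(self) -> list[str]:
        return sorted(self._msgs)
```

Calling `purge_expired` from `read` means a message whose retention has lapsed is never handed back even if no background timer has run yet, which is the failure mode a timer-only design would miss.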

In a preferred embodiment of the present invention, system 10 employs the hierarchy of FIG. 5 to avoid the need for storage of data involved in the secure transmission. For example, picture, video, sound, and data files may be transmitted between and viewed on devices using system 10. By not retaining the data associated with messaging files in device 12 or 14, such as by deleting or flushing the data immediately or as directed by users, for example after the messages have been read or accessed, there is total privacy and integrity during paired conversations. System 10 may further be programmed to allow a user to remotely disable paired connections. For example, a user that loses device 12 may access system 10 via the internet using the web server of system 10 to delete all paired connections from system 10.

What is claimed is:
1. A method of securely transmitting messages between electronic devices, comprising: receiving a request to send a message from a sending device having a first MAC address to a receiving device having a second MAC address; confirming that said first MAC address of said sending device matches at least one of a predetermined plurality of unique MAC addresses associated with a corresponding plurality of registered electronic devices and stored in memory; confirming that said second MAC address of said receiving device matches another one of said predetermined plurality of unique MAC addresses in said memory; and forwarding said message from said sending device to said receiving device if said first and second MAC addresses are confirmed as having matches in said memory.
2. The method of claim 1, wherein each of said predetermined plurality of unique MAC addresses associated with a corresponding plurality of registered electronic devices has been paired with at least another of said predetermined plurality of unique MAC addresses.
3. The method of claim 2, further comprising the step of confirming that said first MAC address of said sending device has been paired with said second MAC address of said receiving device, and wherein the step of forwarding said message is performed only if said first and second MAC addresses have been paired.
4. The method of claim 1, further comprising the step of pairing at least one of said predetermined plurality of unique MAC addresses with another of said predetermined plurality of unique MAC addresses in response to a pairing request received from a requesting device having one of said predetermined plurality of unique MAC addresses that is forwarded to and accepted by another of said plurality of registered devices.
5. The method of claim 4, further comprising the step of terminating said pairing at the request of either device involved in said pairing.
6. The method of claim 1, wherein said message further comprises a deletion parameter that specifies how long said message is to be retained by said receiving device.
7. The method of claim 1, further comprising the step of causing the deletion of said message from said receiving device in response to a deletion request from said sending device.
8. The method of claim 1, further comprising the step of registering at least one of said predetermined plurality of unique MAC addresses associated with a corresponding plurality of registered electronic devices by requiring a user identification and a password from each device and associating said user identification and password with said MAC address for said registered device.
9. The method of claim 8, wherein the step of registering at least one of said predetermined plurality of unique MAC addresses associated with a corresponding plurality of registered electronic devices further comprises the step of requiring the presence of downloadable software on each electronic device to be registered.
10. The method of claim 8, further comprising the step of confirming that said user identification and password of said sending device match said registered user identification and password associated with the one of said predetermined plurality of unique MAC addresses that corresponds with said sending device.
11. A system for securely transmitting messages between electronic devices, comprising: a database containing a plurality of MAC addresses uniquely corresponding with a plurality of electronic devices; and a server programmed to forward a message from a sending device having a first MAC address to a receiving device having a second MAC address if said database contains said first MAC address and said second MAC address.
12. The system of claim 11, wherein said server is further programmed to establish at least one pairing between two or more of said electronic devices and save said pairing relationship in said database.
13. The system of claim 12, wherein the server is further programmed to verify that said sending device and said receiving device have a pairing relationship prior to forwarding said message.
14. The system of claim 12, wherein said server is programmed to establish at least one pairing by forwarding a request from a first device registered in said database to a second device registered in said database and receiving from said second electronic device an acceptance or denial of said request.
15. The system of claim 14, wherein said server is further programmed to terminate said pairing at the request of any device within said pairing relationship.
16. The system of claim 11, wherein said server is further programmed to add a deletion parameter to said message to notify said second device to delete said message after a predetermined time.
17. The system of claim 11, wherein said server is further programmed to remotely delete said message from said second device after a predetermined time.
18. The system of claim 11, wherein said database stores, along with each MAC address, a username and password associated with each of said electronic devices in said database.
19. The system of claim 18, wherein said server is further programmed to request from said sending device a first username and password and from said receiving device a second username and password, and to confirm that said first username and password match said username and password associated with said first electronic device and said second username and password match said username and password associated with said second device.
20. The system of claim 11, wherein said server is further programmed to require the presence of downloadable software on each device stored in said database.